Best options for file access over Internet

March 16, 2010 12:50:11 PM

Hi,

What is the best option to access my files at home from Internet ?

I want to access my files (essentially music, photos & videos for streaming or copy) residing in my home PC, from work or from other places when on vacation, over Internet. The following solutions come to my mind:

1/ Setup a web server (e.g. with Apache) meaning the protocol underneath will be http over TCP.
Goods: decent performance over wan, natural browser access
Bads: having to setup a web server and dealing with a new app (apache) that I don't know

2/ FTP
Goods: classical and not bad in performance over wan
Bads: having to setup an FTP server with access/privilege management, only copying files (not streaming)

3/ SMB over wan
Goods: seems (?) transparent as a method at least for sharing, streaming possible (not necessary to copy)
Bads: poor performance over wan (unless optimized for latency), don't know how to connect from another PC (same as on LAN ?)

4/ UPnP:
Goods: perfect for streaming, a UPnP server (e.g. MediaCenter) is the only thing required
Bads: security issues on Internet (I turned off UPnP on my router as a virus can open any port it wants!), can't copy (maybe just for photos)

As you understood, these are just my initial perceptions and I may be wrong on lots of suppositions.
Although I understand turning on UPnP on my router is a security risk, I have no idea what the security risks are for other methods.

Ubiquitous access is a real advantage (e.g. access from a PC and an iPhone).

Can you please advise me on which way to choose and work on ? (maybe a poll is a good idea ?)

Could you please point me to tutorials on each method above or any other method I forgot ?

Many thanks in advance
nalooti
P.S. Sorry if the subject is an oldie but I couldn't find any review/comparison on different methods. With summer approaching, I may not be the only one thinking of this


March 16, 2010 2:10:45 PM

I wouldn't open up any of my home devices directly to the internet. If you can get to it, so can someone else.

So, I'd add these to your list:
online backup (no streaming, but can get to your files)
online hosted storage
gotomypc or similar (I am guessing you can do file transfers)

Consider encrypting any files that are stored on the 'net
March 16, 2010 2:34:45 PM

LogMeIn Hamachi

Install it on your home PC and your laptop. It’ll create a secure virtual network adapter on each system in the 5.x.x.x address space. Create a unique network name and password and have each join. You now have a secure network where you can do anything between those machines that you could do at home (e.g., access shares, printers, servers (web, ftp, telnet, rdp, etc.)). Since it uses NAT-traversal and a rendezvous server, there are no firewalls to manage (i.e., no ports to open or forward, which is a security risk anyway), and no public IPs to track (i.e., DDNS). Heck, you could even install a proxy server on your home PC and configure your laptop to use it when working from an open wifi location so your local traffic remains secure! And if you want to add more PCs to your network, just install and have them join.

An amazing product if you learn how to exploit it, and it’s all free.

The one thing that’s missing is support for the iPhone. But you could use LogMeIn Ignition for iPhone as a remote desktop solution in that case. And I even use LogMeIn Free for remote desktop purposes at times as well.

Truth is, as you add more types of devices to the mix, it’s always going to be difficult to find one solution that does it all. What you need to do is try a few things, particularly the easy things first, like Hamachi, and find out what you can and can’t do. Some may not be immediately obvious (like that trick w/ the proxy server I spoke of). Then find other solutions (and usually more complex ones) only as necessary to fill in the gaps.
March 16, 2010 3:36:46 PM

gtvr said:
I wouldn't open up any of my home devices directly to the internet. If you can get to it, so can someone else.

So, I'd add these to your list:
online backup (no streaming, but can get to your files)
online hosted storage
gotomypc or similar (I am guessing you can do file transfers)

Consider encrypting any files that are stored on the 'net


Thanks for sharing your security concerns but being on ADSL, online backup is out of the question because of my little upload bandwidth. Added to that is the overhead of encrypting everything I'd send to the online host. I suppose it'll take some time to send terabytes of data!

But anyway, apart from professional websites on Internet, thousands of people just install a web service at home (and I suppose not necessarily through a DMZ machine). How many are attacked each day ?
March 16, 2010 4:02:44 PM

eibgrad said:
LogMeIn Hamachi

Install it on your home PC and your laptop. It’ll create a secure virtual network adapter on each system in the 5.x.x.x address space. Create a unique network name and password and have each join. You now have a secure network where you can do anything between those machines that you could do at home (e.g., access shares, printers, servers (web, ftp, telnet, rdp, etc.)). Since it uses NAT-traversal and a rendezvous server, there are no firewalls to manage (i.e., no ports to open or forward, which is a security risk anyway), and no public IPs to track (i.e., DDNS). Heck, you could even install a proxy server on your home PC and configure your laptop to use it when working from an open wifi location so your local traffic remains secure! And if you want to add more PCs to your network, just install and have them join.

An amazing product if you learn how to exploit it, and it’s all free.

The one thing that’s missing is support for the iPhone. But you could use LogMeIn Ignition for iPhone as a remote desktop solution in that case. And I even use LogMeIn Free for remote desktop purposes at times as well.

Truth is, as you add more types of devices to the mix, it’s always going to be difficult to find one solution that does it all. What you need to do is try a few things, particularly the easy things first, like Hamachi, and find out what you can and can’t do. Some may not be immediately obvious (like that trick w/ the proxy server I spoke of). Then find other solutions (and usually more complex ones) only as necessary to fill in the gaps.

Thanks for your time to answer but having got a look at your soft (quickly) I see several points:

1/ It's a hosted service. Does that mean there is a third party between me and my home computer ? If this is the case, it's not for me. I understand that there is no INCOMING connection so no ports have to be opened. All communications go through a third party server (rendez-vous point). I know you can encrypt your data being in transit on the server. But anyway you go through a third party having made that piece of soft. How can you trust it ?

2/ It is a secure VPN. What is the difference with another "lambda" VPN ? These are all secured/encrypted tunneling software

3/ It is a Remote Desktop soft. Well, I have RDP on Windows for free with file transfer capabilities, encryption, etc. The file transfer capability in LogmeIn is NOT free

All in all, I don't know a 100% secure solution myself but one of my goals was also to let some foreign family be able to access my photos so I no longer have to send them by mail. A complex solution, even if good for hacking prevention, can't satisfy my goal.

As I said anyway in my previous post, are those thousands of people having some opened port (Emule, FTP, RDP, etc.) always attacked ?! If yes why those hundreds of freeware to build a simple website ?

I agree that security is a must and I wouldn't expose myself to useless and unconsidered risks. However, I'd not build a banking-style security in my home just because I want some degree of usability and ease of use.

Well, I'm just searching the right middle...

thanks for your answer if I was wrong on the product understanding.
March 16, 2010 4:08:09 PM

well, if it's slow to upload to an online host, it'll be slow for you to access by any of the listed methods. At least with the online backup, you can do it in the background, or off hours (ahead of time) vs. being slow when you want the file.

I don't know how many are attacked. Not saying you can't do it, just bringing up the idea that security needs to be something you think about when doing it, not just speed/how to issues.
March 16, 2010 4:47:39 PM

nalooti said:
1/ It's a hosted service. Does that mean there is a third party between me and my home computer ? If this is the case, it's not for me. I understand that there is no INCOMING connection so no ports have to be opened. All communications go through a third party server (rendez-vous point). I know you can encrypt your data being in transit on the server. But anyway you go through a third party having made that piece of soft. How can you trust it ?


What's hosted is the rendezvous server. That’s only used to locate your network peers. Once they're found, communication is direct and the rendezvous server is out of the picture. In fact, you can test it yourself at home. Once the connection is established, you can pull the plug on the Internet connection and it will continue to work.

nalooti said:
2/ It is a secure VPN. What is the difference with another "lambda" VPN ? These are all secured/encrypted tunneling software


I have no idea what "lambda" VPN means. It uses SSL, so it's as secure as anything else you depend on day to day, including online shopping, online banking, etc. It's encrypted (AES 256-bit encryption) and uses SSL authentication. That's also why it's more likely to work in remote locations; many ISPs block standard VPN ports, but none will block SSL (port 443). That's something ppl using traditional VPNs don't always consider.

nalooti said:
3/ It is a Remote Desktop soft. Well, I have RDP on Windows for free with file transfer capabilities, encryption, etc. The file transfer capability in LogmeIn is NOT free


I only suggested LogMeIn Free as an alternative at times when you only want remote desktop. Yes, in that case, file transfer is not available for free. But that's why I mentioned Hamachi first. You can run RDP over Hamachi if you prefer (esp., if you know you need file transfer). LogMeIn Free was merely a throw-in in case you didn't want to run Hamachi + RDP (maybe you only need to check email from your Outlook Express application at home).

But again, if you don’t like LogMeIn Free, don’t use it, just use Hamachi and run RDP over it. Besides, RDP has some vulnerabilities. For example, although the session is encrypted, the authentication process is not (at least last time I checked) making a MITM (Man In The Middle) attack possible (granted remote, but possible). And RDP requires leaving ports open, which is a risk and may be blocked by the ISP.

nalooti said:
All in all, I don't know a 100% secure solution myself but one of my goals was also to let some foreign family be able to access my photos so I no longer have to send them by mail. A complex solution, even if good for hacking prevention, can't satisfy my goal.


I don't know how much simpler it can get than Hamachi. You install it, join the network, you're in. Now set up your shared folders, services, etc., as if those on the VPN were on the same local LAN. It’s almost too easy, too open if you plan to grant access to someone you don’t fully trust.

Now realize you’ve described several different scenarios here. It’s one thing to want remote access to your own home network, it’s another to consider remote access by others you “possibly” don’t trust to the same degree. That’s why I said, there is no one solution that’s going to solve every remote access requirement as each scenario introduces different issues regarding access control, security, ease of use, etc. For times when you want to provide access with minimal exposure of your network to others, then consider using an application like DropBox. Now those files are hosted remotely and you can either have those you want to share the DropBox join your account or perhaps just email public links to select files. But now those files are in the hands of third parties (supposedly encrypted and out of reach), perhaps an issue for you.

So if you have very tight and restrictive requirements for this or that scenario, you’re gonna have to decide what you can and can’t live with. Personally, for my own remote access needs, Hamachi works great, is simple to use, and represents the least hassle. But you may feel differently. So be it.

March 17, 2010 8:21:19 AM

eibgrad said:
What's hosted is the rendezvous server. That’s only used to locate your network peers. Once they're found, communication is direct and the rendezvous server is out of the picture. In fact, you can test it yourself at home. Once the connection is established, you can pull the plug on the Internet connection and it will continue to work.



I have no idea what "lambda" VPN means. It uses SSL, so it's as secure as anything else you depend on day to day, including online shopping, online banking, etc. It's encrypted (AES 256-bit encryption) and uses SSL authentication. That's also why it's more likely to work in remote locations; many ISPs block standard VPN ports, but none will block SSL (port 443). That's something ppl using traditional VPNs don't always consider.



I only suggested LogMeIn Free as an alternative at times when you only want remote desktop. Yes, in that case, file transfer is not available for free. But that's why I mentioned Hamachi first. You can run RDP over Hamachi if you prefer (esp., if you know you need file transfer). LogMeIn Free was merely a throw-in in case you didn't want to run Hamachi + RDP (maybe you only need to check email from your Outlook Express application at home).

But again, if you don’t like LogMeIn Free, don’t use it, just use Hamachi and run RDP over it. Besides, RDP has some vulnerabilities. For example, although the session is encrypted, the authentication process is not (at least last time I checked) making a MITM (Man In The Middle) attack possible (granted remote, but possible). And RDP requires leaving ports open, which is a risk and may be blocked by the ISP.



I don't know how much simpler it can get than Hamachi. You install it, join the network, you're in. Now set up your shared folders, services, etc., as if those on the VPN were on the same local LAN. It’s almost too easy, too open if you plan to grant access to someone you don’t fully trust.

Now realize you’ve described several different scenarios here. It’s one thing to want remote access to your own home network, it’s another to consider remote access by others you “possibly” don’t trust to the same degree. That’s why I said, there is no one solution that’s going to solve every remote access requirement as each scenario introduces different issues regarding access control, security, ease of use, etc. For times when you want to provide access with minimal exposure of your network to others, then consider using an application like DropBox. Now those files are hosted remotely and you can either have those you want to share the DropBox join your account or perhaps just email public links to select files. But now those files are in the hands of third parties (supposedly encrypted and out of reach), perhaps an issue for you.

So if you have very tight and restrictive requirements for this or that scenario, you’re gonna have to decide what you can and can’t live with. Personally, for my own remote access needs, Hamachi works great, is simple to use, and represents the least hassle. But you may feel differently. So be it.

Thanks again for your detailed explanations. Few points:

I realize that I didn't understand exactly how Hamachi works. Actually I thought Hamachi and LogmeIn were the same and didn't know I can dissociate them. I have to read in detail the soft.

Second I still don't understand when you say pull the Internet plug and it continues to work! I'm accessing my home files via Internet, so how can I pull the plug ??!
I can understand that rendez-vous point is just for establishing the connection but I don't understand how it disappears once the connection is established between two endpoints without even having some ports opened. If it is similar to Emule via servers, well Emule needs an open port. Even Kad which is a real peer to peer without any server in the middle needs an open port.

Third, you correctly mention different people accessing my files with different security concerns. You're right, I'll not let my friends & family do RDP to my computer while I'd like them to be able to access the files and folders I'll share. That's why in the first place I separate Remote Login/Desktop from real file sharing; the former for me and the latter for others. Actually I can now do RDP and download/upload ANY file on my file system. But this is similar to FTP, that is one file per download/upload operation. This isn't practical for say tens of photos or music; also, streaming isn't possible this way.
The perfect solution would be to use 2 soft/methods: first RDP for me so I can control entirely my computer and change what is shared instantly. Second an SMB-like sharing where I can share a set of folders for copy/streaming operation.
The RDP part is OK. This is the second part I'm looking for. Is there any way to do SMB share in an encrypted tunnel ? Can Hamachi do that ? I know SMB has security holes but in W7 it is optimized for high latency links.

As previously said, my ADSL upload bandwidth is too low in order to choose an online storage/sharing solution. But it is ok for streaming a song or downloading few photos/music (by me or foreign family).
With online storage I have to upload many many files first so one can choose and download few ones among all of them.

thanks again for sharing your thoughts
nalooti
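
The posts above ask how two machines behind NAT can talk directly after a rendezvous step without any forwarded ports. The following is an added example, not part of the thread and not Hamachi's code: a toy model of generic hole punching through port-restricted cone NATs, with the class names, addresses (documentation ranges) and ports all constructed for illustration.

```python
"""Toy model of rendezvous-assisted NAT hole punching (constructed example)."""

class Nat:
    """Port-restricted cone NAT: inbound is accepted only from a remote
    endpoint an inside host has already sent to through that mapping."""
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.next_port = 40000
        self.mappings = {}  # inside (ip, port) -> public port
        self.allowed = {}   # public port -> remote endpoints contacted

    def outbound(self, src, dst):
        """Inside host sends src -> dst; returns its public source endpoint."""
        if src not in self.mappings:
            self.mappings[src] = self.next_port
            self.next_port += 1
        port = self.mappings[src]
        self.allowed.setdefault(port, set()).add(dst)
        return (self.public_ip, port)

    def inbound(self, src, dst_port):
        """Return the inside endpoint that receives the packet, or None if dropped."""
        if src not in self.allowed.get(dst_port, set()):
            return None
        for inside, port in self.mappings.items():
            if port == dst_port:
                return inside
        return None

class Rendezvous:
    """Records each peer's public endpoint; carries no peer-to-peer data."""
    def __init__(self, addr):
        self.addr, self.seen = addr, {}
    def register(self, name, public_endpoint):
        self.seen[name] = public_endpoint

def simulate():
    home_nat, work_nat = Nat("203.0.113.10"), Nat("198.51.100.20")
    home, laptop = ("192.168.1.5", 5000), ("10.0.0.7", 5000)
    rdv = Rendezvous(("192.0.2.1", 443))
    stranger = ("192.0.2.99", 6000)
    # 1. Both peers make an OUTBOUND connection to the rendezvous server.
    rdv.register("home", home_nat.outbound(home, rdv.addr))
    rdv.register("laptop", work_nat.outbound(laptop, rdv.addr))
    home_pub, laptop_pub = rdv.seen["home"], rdv.seen["laptop"]
    results = {}
    # 2. Before the punch the laptop's packet is dropped: home never sent to it.
    results["before_punch"] = home_nat.inbound(laptop_pub, home_pub[1])
    # 3. Each peer sends outbound to the other's public endpoint (the punch).
    home_nat.outbound(home, laptop_pub)
    work_nat.outbound(laptop, home_pub)
    # 4. Traffic now flows directly both ways; the rendezvous server is unused.
    results["laptop_to_home"] = home_nat.inbound(laptop_pub, home_pub[1])
    results["home_to_laptop"] = work_nat.inbound(home_pub, laptop_pub[1])
    # 5. An unrelated host probing the same public port is still dropped.
    results["stranger"] = home_nat.inbound(stranger, home_pub[1])
    return results

if __name__ == "__main__":
    print(simulate())
```

A symmetric NAT allocates a different public port per destination, so the endpoint learned by the rendezvous server would not match the one used toward the peer, and traffic then has to be relayed instead.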
March 18, 2010 7:05:59 AM

You may want to check out Team Viewer. It's a free remote access application. It's password protected so it is safe.

You need to install it on your desktop and laptop and can remotely access both from the other computer as long as it is connected to the internet.
March 18, 2010 3:37:22 PM

You may want to consider looking at the various VPN solutions out there as they give you the flexibility that you need. Personally I use an ASA 5505 as my firewall which allows for both IPSEC and SSL client and clientless VPNs. The iPhone will support Cisco's IPSEC VPN out of the box, but there may be others that you could install on it via an App... I know some of the home routers will support VPNs but not sure if they would be compatible with the iPhone client.

For example this Linksys supports IPSEC, but it's not clear if it will allow you to connect INTO your network using it... you'd have to verify:

http://www.linksysbycisco.com/US/en/products/BEFVP41

In short you're going to have to either sign up for a 3rd party service (Apple offers MobileMe which will integrate nicely with their "AirPort" routers, or Hamachi sounds cool too, I've never used either so I can't recommend one or the other) or you'll need to figure out a VPN type of solution that works for your phone and your computer. If you go the VPN route you'll also have to remember you'll need some type of dynamic dns so you can find yourself. The Cisco ASA will absolutely do everything you need.... but it's not cheap and can be a pain to configure.

Other options to look at might be something like untangle or pfsense... but I'm not sure you'll get your iPhone VPN support if you go that route... that's going to be the hard portion of this.